Ongoing Scans Below the Radar, (Sat, Dec 31st)
With the rise of botnets like Mirai[1], we have seen ahuge increase of port scans to find new open ports like %%port:2323%% or later %%port:6789%%. If the classic %%port:80%% and %%port:23%% remain"...
View ArticleClik here to view.
py2exe Decompiling - Part 1, (Sat, Jan 1st)
This malware sample is written in Python and compiled to a .exe file with py2exe (we also wrote diary entries about Python malware compiled with PyInstaller). Looking at the resources with pecheck.py,...
View ArticleISC Stormcast For Tuesday, January 3rd 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC Stormcast For Wednesday, January 4th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMixed Messages : Novel Phishing Attempts Trying to Steal Your E-mail Password...
A writer wrote in to send us an interesting phishing attempt they had received at their organization. An email from a school domain that purported to be VetMeds send an encrypted PDF that required a...
View ArticleISC Stormcast For Thursday, January 5th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleNew Year's Resolution: Build Your Own Malware Lab?, (Thu, Jan 5th)
If youre looking to build your own malware lab using open-source tools to take your GREM skills to the next level, take a look at Robert Simmons of ThreatConnects talk at VirusBulletin from a few...
View ArticleWas the Brazilian version of Google hijacked two days ago?, (Thu, Jan 5th)
ISC reader Renato Marihno wrote in with some interesting observations out of Brazil the last couple of days. It seems for about 30 minutes on January 3rd, google.com.br did not point to Googles IP...
View ArticleISC Stormcast For Friday, January 6th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleRansomware Operators Cold Calling UK Schools to Get Malware Through, (Fri,...
UK Law Enforcement authorities released an alert on Wednesday about a new tactic to install ransomware. There are generally two approaches to ransomware attacks, napalm the earth and what I call...
View ArticleCheck out this neat ransomware timeline from Privacy-PC...
-- John Bambenek bambenek \at\ gmail /dot/ com Fidelis Cybersecurity (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleGreat Misadventures of Security Vendors: Absurd Sandboxing Edition, (Fri,...
Like many security researchers, I employ a variety of OPSEC techniques to help detect if I have been targeted by something for whatever reason. One of those techniques I use in Virustotal is basically...
View ArticleUS Intelligence Agency Releases Report on Russian Hacking During US Election:...
-- John Bambenek bambenek \at\ gmail /dot/ com Fidelis Cybersecurity (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleUsing Security Tools to Compromize a Network, (Sat, Jan 7th)
One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this use security tools (linked to processes). With the time, we are all building our personal...
View ArticleMerry X-Mas ransomware from Sunday 2017-01-08, (Mon, Jan 9th)
Introduction On Tuesday 2017-01-03, BleepingComputer published an article about Merry X-Mas Ransomware [1]. This ransomware was first seen by people like @PolarToffee, @dvk01uk, and @Techhelplistcom....
View ArticleISC Stormcast For Monday, January 9th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC Stormcast For Tuesday, January 10th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleRealtors Be Aware: You Are a Target, (Tue, Jan 10th)
Real estate transactions are some of the higher value transactionsperformed by individuals and organizations. They often exceed hundreds of thousands of dollars in value, and for commercial properties,...
View ArticlePort 37777 "MapTable" Requests, (Tue, Jan 10th)
Thanks to Bj">c1 00 00 00 00 14 00 00 63 6f 6e 66 69 67 00 00 c. o. n. f. i. g 31 00 00 00 00 00 00 00 ">{ Enable : 1, MapTable : [ { Enable : 1, InnerPort : 85, OuterPort : 85, Protocol : TCP,...
View ArticleAdobe January 2017 Patches, (Tue, Jan 10th)
Adobe today released a security update for Flash (APSB17-02) and it updated an update released last week for Acrobat/PDF Reader (APSB17-01). The Acrobat/PDF Reader update addresses 29 vulnerabilities....
View Article